Information security breaches aren’t cheap — the average breach costs $7.2 million.
They’re massively inconvenient, taking most companies 80 (or more) days to detect and more than four months to resolve. Continuing the trend of less-than-stellar news, infosec breaches are also inevitable — from insider threats to socially engineered attacks and active malware campaigns, network compromise is “when,” not “if.”
The good news? It’s not all doom and gloom. With the right approach to infosec strategy, it’s possible to significantly reduce the chance of breaches, limit their impact and improve your response.
Where are attackers most likely to strike? Where you’re most vulnerable. As a result, it’s critical for companies to have hard conversations about emerging network security issues, potential problems with privilege and access, and legacy solutions that may limit the ability of IT professionals to defend corporate assets.
It’s critical to understand the “lay of the land” in your IT infrastructure along with identifying key players and their objectives. Then you need to start asking hard questions: What’s working in current security? What could be better? What’s worth keeping and what must go? The answers aren’t always easy, and could mean significant change in day-to-day processes — but improving baseline security is a sure-fire way to warn off would-be attackers.
Encrypt, Encrypt, Encrypt
The easiest mark for cybercriminals is unencrypted data. This could be data stored on local stacks, kept on cloud servers or sent as plain text via email. It might be data hijacked using dummy WiFi connections or snatched after compromising user credentials, but it all offers the same benefit for hackers — it’s completely unprotected.
The result? Companies can boost the impact of their infosec by using encryption everywhere. This includes encrypting data in the cloud (using 256-bit AES and strong block ciphers) along with data stored closer to home. Next up? Data in transit, and data handled by applications and webpages — think HTTPS and secure apps to limit the chance of a breach.
Go Big or Get Breached
Both the number and type of attacks are on the rise. For example, hackers continue to exploit vulnerabilities in commonly used code (e.g., Heartbleed and Shellshock) or launch attacks against the hardware itself (e.g., Spectre and Meltdown) while also using SQL injection and cross-site scripting techniques to derail applications. SQL injection is particularly worrisome since many companies don’t limit what is accepted by text entry fields that feed SQL queries. Add drive-by malware, accidental insider threats and third-party content that may not be secure, and it’s no surprise that networks are under threat.
The solution? It’s time to go big on infosec efforts. This includes cloud-based firewalls, runtime application security, virtual private networks (VPNs) and per-device monitoring tools that let IT pros track and monitor suspicious activity. You’re probably thinking this sounds like a significant time and money sink — and you’re right — but it’s better than the $7.2 million alternative.
Just as the cloud revolutionized business IT, the maturing Internet of Things (IoT) represents the same kind of disruption. Consider this: According to Help Net Security, 62 percent of survey respondents ages 25-34 said cybersecurity will now factor into their purchase of a vehicle. As this kind of connected technology becomes ubiquitous — and expected — the chance for compromise also ramps up. Insecure IoT networks gave rise to the recent Mirai botnet and IoT security continues to be overlooked at a corporate level, providing an easy access point for hackers. Address IoT security now or pay the price down the line.
Ramp Up Response
Better infosec demands recognition that attacks will eventually happen. Ideally, infosec prepares for these attacks by creating a plan of action. This means identifying likely attack vectors, specifying procedures and personnel to help contain compromise and remediate network damage, and regularly testing this plan in situ. Ideally, test every few months and as broadly as possible — better to know if something isn’t right during a test run than during an actual attack event.
Want better infosec response? Ask the hard questions, always encrypt, go all-in and make sure your (regularly tested) response plan includes IoT.
Author bio: Aaron David Goldman is a network/application security engineer with expertise in cryptography, network-based malware analysis, application security and machine learning. Goldman holds a PhD in Computer Science from Georgia Institute of Technology. He works for the application security company tCell, where he researches and implements detections of and defense against advanced application security threats.